The definition of PEP in the AML-CFT Decision specifically lists the following roles as persons who always qualify as PEPs:

However, as there is no exhaustive list of the positions that qualify an individual as a PEP globally, the above list is not exhaustive and LFIs should use their discretion in identifying PEPs, and develop risk-based policies and procedures to ensure they appropriately identify customers who are PEPs, or the family members or close associates of PEPs.

For example, LFIs should use discretion in determining whether a customer who is government official or manager of a state-owned corporation is sufficiently “senior” to qualify as a PEP under the definition of the AML-CFT Decision. Not all public sector employees are PEPs. For example, a civil servant who sorts mail at the post office is unlikely to be a PEP, and although any public employee can carry some level of corruption risk, in such cases the risk is not sufficiently high to warrant special procedures. This distinction is captured in the AML-CFT Decision’s definition of a PEP as a natural person who has been awarded a “prominent public function.” At the same time, the decision whether or not to treat a customer as a PEP cannot be based solely on the customer’s title, rank, civil service grade, or other similar factors. It is also important to be aware that “prominent” is not simply equivalent to ‘famous’ or ‘well-known,’ and that individuals may be “entrusted” with a public function in a wide variety of ways, including by appointment, election, and promotion through the civil service.

Furthermore, LFIs should also be aware that high risks of corruption can exist even when a customer is not immediately qualifying as a PEP per definition. For example, the heads of large trade unions and professional associations are likely to wield political power without having been appointed to those roles by a government or international organization. LFIs may decide, in terms of their own risk appetite, to treat such individuals as PEPs.

The determination of whether a customer is a PEP should therefore consider a number of factors, including, most importantly, whether the natural person currently holds, or has recently held, a role that gives him or her power or influence over decisions, policy or the disbursal of funds belonging to a government or an international organization. Factors to consider when making this determination include the nature of the political and governance system in the country or international organization where the customer holds his or her position; roles and responsibilities within that system; authority over government decisions and activities, and access to government funds and assets (whether directly or indirectly such as through the awarding of government contracts).

PEPs are always natural persons. However, LFIs should perform a PEP analysis on customers who are the beneficial owners of legal persons or legal arrangements. Depending on the customer’s ownership and control structure, it may also be appropriate to perform a PEP analysis on the customer’s senior managing officer or senior management. Where risks are higher, for example, in the case of companies with complex structure and complex trust arrangements, LFIs should consider identifying beneficial owners below the 25% threshold mandated by the AML-CFT Decision. For example, a PEP and his spouse and three children may each own 15% of a company. No single family member would have to be identified as a beneficial owner under UAE law, but when their ownership shares are added together the family clearly exercises control over the company. Such a company would likely need to be subjected to the EDD requirements discussed in section 3.2.6.

The AML-CFT Decision requires LFIs to treat the direct family members and close associates of PEPs as if they were PEPs themselves.

The above-mentioned relationships should be viewed as a mandatory minimum, not as an exhaustive list of all relationships that may justify to treat a customer as a PEP. The link between the family member or the close associate with the PEP determine the level of risk. LFIs should take a risk-based approach and consider whether a relationship exists between their customer and the PEP that could be exploited or abused to obscure the PEP’s connection to illicit funds.

For example, an LFI may choose to also define as a direct family members any person in a relationship with a PEP, and, as close associates, partners, prominent members of the same political party or civil organization as the PEP; close friends or advisors; business partners or associates, especially those that share (beneficial) ownership of legal entities with the PEP, or who are otherwise connected (e.g. through joint membership of a company board) in accordance with FATF Guidance and the above mentioned definition.

Once an LFI has established that a qualifying relationship exists between a customer (or the beneficial owner of a customer) and a PEP, the LFI must treat the customer as a PEP (or as owned by a PEP). There is one important distinction, however, between a PEP and the direct family member or close associate of a PEP: the latter cannot transfer their status to their own family members and close associates. For example:

Similarly:

The definition of PEP in the AML-CFT Decision makes clear that a PEP does not cease to qualify as a PEP simply because they no longer hold a prominent public function (i.e. “Natural persons who are or have been entrusted with prominent public functions”). Nor does a Related Customer cease to require PEP treatment simply because the PEP to whom they are related no longer holds that position. A PEP’s risk (and, indirectly, the risk of a Related Customer) derives from the PEP’s power or influence over decisions, funds, or policy. Therefore, it may not be appropriate to continue to treat a customer as a PEP long after they have lost such power or influence. On the other hand, if PEP has amassed funds through corruption during his or her period in office, the PEP is likely to wait until being out of office to access or enjoy those funds. This means that the corruption risk remains even if a PEP has been out of office for a certain time.

Because each case is different it would not be appropriate for LFIs to apply a universal rule for determining whether a customer is no longer a PEP (e.g. one year after relinquishing the public position). Therefore, while LFIs may set a schedule to review PEP status, they should make a risk-based decision as to when sufficient time has passed for a customer to no longer be classified as a PEP. Factors to consider when making such a determination include:

Classification of a customer as a PEP or a Related Customer should take place during the CDD stage, prior to the commencement of the business relationship. Under Article 15 of the AML-CFT Decision, LFIs are required to have suitable risk management systems in place to determine whether a customer, or the beneficial owner of a customer, is a foreign PEP, or Related Customer and are required to take sufficient measures to identify whether a customer, or the beneficial owner of a customer, is a domestic PEP or an HIO, or Related Customer. In practice, however, it will generally be appropriate to conduct onboarding screening and ongoing screening on all customers. Even citizens of the UAE may qualify as foreign PEPs if they have been entrusted with prominent functions by foreign governments, for example, if they are dual citizens, or held office in a country that does not restrict prominent functions to citizens.

Screening may begin by including a question in onboarding forms or interviews that inquires whether the customer or any beneficial owner is a PEP or Related Customer. LFIs should not however rely solely on a customer’s assertion, but supplement this basic screening question with additional due diligence such as additional questions regarding the customer’s employment and job title, questions regarding the customer’s sources of funds and wealth, and conducting searches of public records (e.g. internet searches or searches of UAE databases) or proprietary databases. Should searches of public records or proprietary databases reveal adverse media on the potential PEP customer, the LFI should review the adverse media and determine whether it is within the LFI's risk appetite to onboard the potential PEP customer and/or subject the PEP to enhanced monitoring.

Where customers are public servants, LFIs should be sure to conduct these searches using not only the customer’s name but also the customer’s title, as some useful information (such as lists of high-level government positions) may be available by title only.

Some PEPs and Related Customers may be determined to conceal their status from financial institutions and the public at large in order to avoid enhanced scrutiny. In these cases, searches of public records or private databases may not reveal their status or the connection between the customer and a PEP. As always, LFIs should be alert to any aspects of a customer profile that are inconsistent or do not have a clear explanation. These ‘red flags’ may be connected to a variety of illicit or questionable activity, including concealed PEP status. Some potential indicators include:

Because a customer transforms from a non-PEP to a PEP immediately on being entrusted with a prominent public function, LFIs should use the ongoing monitoring process to determine whether a customer’s status has changed. Where a PEP customer, or a PEP who is connected to a Related Customer, has lost the prominent public function that qualified him or her for PEP status, ongoing monitoring can also determine whether it is appropriate to no longer classify the customer as a PEP or as a Related Customers, and to cease enhanced measures.

Under article 15.1.First.d) of the AML-CFT Decision, LFIs must conduct enhanced ongoing monitoring over relationship with foreign PEPs and Related Customers. This does not mean however that such customers should all be automatically assigned the same risk rating. In addition, as per article 15.1.Second.b), for domestic PEPs and HIOs, and their Related Customers, the EDD requirements in section 3.2.6 below are mandatory when there is a high-risk business relationship accompanying such persons. Therefore, it is important to appropriately risk-rate all PEP customers, customers whose beneficial owners are PEPs, and customers that are direct family members and close associates of a PEP. PEP-specific factors to consider in risk rating include:

For Related Customers, LFIs should consider the risk of the PEP to which the customer is connected, and also the nature and extent of the connection, in determining the risk rating.

The risk-rating process should also take into consideration not just features specific to PEPs but also all the standard elements of customer risk rating, such as the nature of the customer’s business and the products and services the customer intends to use. For example, a PEP who owns a cash-intensive business and seeks to make bulk cash deposits would likely be considered higher risk than a PEP whose only income is his salary, even if the two customers hold similar positions within a similarly high-risk jurisdiction.

In those cases where a natural person customer has PEP status from two sources, or where more than one PEP is involved in a legal person customer, LFIs should always use the higher risk rating. For example, if a single natural person customer has been appointed to prominent public functions by both the government of the UAE and a foreign government, that customer should be treated as a foreign PEP. Similarly, if a legal person customer has two domestic PEP owners, one high risk and the other medium risk, the legal person customer should be subject to EDD requirements.

Under Article 15 of AML-CFT Decision, when a customer (or the beneficial owner of a customer) is determined to be a foreign PEP or Related Customer, or where a customer (or the beneficial owner of a customer) is determined to be a domestic PEP or HIO or Related Customer, and when there is a high-risk business relationship accompanying such persons, LFIs must take the following mandatory steps:

As required by Article 7 of the AML-CFT Decision, LFIs must continuously monitor all their transactions to ensure that the transactions conducted are consistent with the information they have about the customer, their type of activity and the risks they pose, including, when necessary, the source of funds. As with all customer types, LFIs that use automated monitoring systems should apply rules with appropriate thresholds and parameters that are designed to detect common typologies for illicit behaviour. When monitoring and evaluating transactions, the LFI should take into account all information that it has collected as part of CDD.

Monitoring systems can include manual monitoring processes and the use of automated and intelligence led monitoring systems. In all cases, the appropriate type and degree of monitoring should appropriately match the money laundering and financing of terrorism (ML/FT) risks of the institution’s customers, products and services, delivery channels, and geographic exposure, and may therefore vary across an LFI’s business lines or units, where applicable. TM programs should also be calibrated to the size, nature, and complexity of each institution. The transaction monitoring system used by LFIs should be equipped to identify patterns of activity that appear unusual and potentially suspicious for PEPs customers as well as unusual behaviour that may indicate that a customer’s business has changed in such a way as to require a high risk rating. Please consult also the CBUAE’s Guidance for Licensed Financial Institutions on Transaction Monitoring and Sanctions Screening³ for further information.

³ Available at: https://www.centralbank.ae/en/cbuae-amlcft

As required by Article 15 of the AML-CFT Law and Article 17 of AML-CFT Decision, LFIs must file an STR, SAR or other report types with the UAE Financial Intelligence Unit (UAE FIU) when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime. As per Article 18 of the AML-CFT Decision, In reporting their suspicions, employees must maintain confidentiality with regard to both the information being reported and the act of reporting itself, and make reasonable efforts to ensure the information and data reported are protected from access by any unauthorised person (Please consult also section 7.8 of the CBUAE’s Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations for Financial Institutions). STR filing is not simply a legal obligation; it is a critical element of the UAE’s effort to combat financial crime and protect the integrity of its financial system. STR filings assist law enforcement in detecting criminal actors and preventing the flow of illicit funds through the UAE financial system. Please consult also the CBUAE’s Guidance for Licensed Financial Institutions on Suspicious Transaction Reporting⁴ for further information.

⁴ Available at: https://www.centralbank.ae/en/cbuae-amlcft